I have a working (99%) Captive portal, User gets a captive portal registration page, fills in a few details and then it is set for admin approval, the problem is, the user never gets sent the random password?
I have left the admin email address out on this screenshot, but, my understanding is, the admin gets an email to say "approve" and then the details get emailed to the guest?
when I hover over the "Account Delivery options available to the user" it says "Account information can not be displayed when admin approval is required"
does this mean, as soon as the admin approves, they have access? how would they know what the random password is? very confusing!
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The reason I say that about the latter is that all a threat actor needs to do is stand up an AP with a honeypot that mimics your captive portal's login screen, and then goes to a page that says, "Oops, something went wrong. Click here to try again" and they can harvest AD credentials.
That doesn't answer either of my questions? How should this be setup?
After the approval, guest should receive its credentials via email or SMS as shown also here, 'The Display on browser page option is only available if administrator approval is not required'.
Is the SMTP server currently configured in FAC? There are some SMTP server that restrict the relay functions for the the external domains.
Yes, its set to "email" and he did get an email about 10 minutes later! I wonder if SMS is quicker?
I can see he registers, gets put into the "GUEST" group on the FAC, and the Fortigate uses that group "remote server group" to authenticate, but the FAC logs show the error "Authentication failed: NAS cannot find user realm" the Realm is set to local! where the guest group is.
I think that the delay is added by the mail server or any email security in between. You can check from the FAC logs, network or on the server side, the email should leave FAC quickly.
I think that you shouldn't configure 'Restricted to Groups' in FGT in this case.
OK, That is something I need to look at, the delay is not acceptable, what about:
I can see he registers, gets put into the "GUEST" group on the FAC, and the Fortigate uses that group "remote server group" to authenticate, but the FAC logs show the error "Authentication failed: NAS cannot find user realm" the Realm is set to local! where the guest group is.. any idea?
Thanks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1570 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.